Security

Security

Sign in

United States (English)

HomeLibraryLearnDownloadsSupportCommunityForums

Getting Started Security Development Lifecycle SDL Threat Modeling Identity Management Information Security patterns & practices security Security Forums Security Development Lifecycle Claims based access platform (CBA), code-named Geneva CAT.NET

Featured Security Content Get the Microsoft Security Development Lifecycle toolset – it’s free Download the templates and tools made available at no cost by Microsoft to help you automate SDL practices. Microsoft's Security Talk Series: Discusses the latest in security & privacy Join the discussion with a diverse group of leading security and privacy experts in this informative series of webcasts. These discussions help you gain insight and prescriptive guidance on a variety ... more Write more secure code with the Microsoft Security Development Lifecycle (SDL) Download the Simplified Implementation of the Microsoft SDL to learn about the software development security activities you should perform in order to improve the security of your code. Announcing WIF support for Windows Server 2003 Windows Identity Foundation (WIF) RTW for Windows Server 2003 is available NOW! This release supports both Windows Server 2003 SP2 and Windows Server 2003 R2 platforms and following seven languages: E... more Download Windows Identity Foundation Today Windows Identity Foundation helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integr... more

More Security "How Do I" Videos >

SDL Team Blog A Microsoft-wide initiative and a mandatory policy since 2004, the Security Development Lifecycle (SDL) introduces security and privacy early and throughout the development process. Combining a holistic and practical approach, the SDL is risk-based with the goal of protecting end-users by reducing the number and severity of vulnerabilities in code. Secure Development Is Much Easier Than You Think Wednesday, Jul 24 !Exploitable crash analyzer version 1.6 Thursday, Jun 13 Microsoft SDL Conforms to ISO/IEC 27034-1:2011 Tuesday, May 14 Register Now for SDC 2013 and Save! Wednesday, May 1 Register Now and Save Wednesday, Apr 17

Identity Management Team Blog Windows Identity Foundation enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. Enjoy greater productivity, applying the same tools and programming model to build on-premises software as well as cloud services. Announcing July 2011 update to Access Control Service 2.0 Monday, Jul 25 Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview! Monday, May 16 AD FS 2.0 Content Map is published Thursday, Apr 21 Windows Azure AppFabric Access Control Service released! Tuesday, Apr 12 AD FS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager Monday, Apr 4

MSDN Magazine: Focus on Security

Read in-depth security articles from the authors of MSDN Magazine.

ASP.NET: Enabling and Customizing ASP.NET Web API Services Security
If you’re calling Web API service from secured ASP.NET pages, you probably have all the security you need. But if you want to extend Web API’s securit... more

Cutting Edge: Social Authentication in ASP.NET MVC 4
ASP.NET MVC 4 now includes an ad hoc framework to authenticate users via a number of social networks, and Dino Esposito shows you how.Dino EspositoMSD... more

Security: Access Online Services with the Windows Runtime and OAuth
Whether managing data with XHR or authenticating to a remote service with the WebAuthenticationBroker, WinJS and WinRT help you mash online services w... more 

 

 

Security Updates

Microsoft security bulletin summary for July 2013

July 2013 security bulletin webcast

Featured Downloads

Download AD FS 2.0 AD FS 2.0 is a security token service for IT that issues and transforms claims and other tokens, manages user access and enables federation and access management for simplified single sign-on.

More Security Downloads >

Application Security Tip of the Week

Do Not Cache Sensitive Data
Applies To ASP.NET 4.0 What to Do ASP.NET output caching is a great way to improve application perfo... more

More Tips...

Application and Cyber Security Blog

Read up on software engineering, cybersecurity, and application risk management as offered by Security Innovation

Sony CISO Reporting to Executive Management. Maybe Cyber Security Czar will follow suit?
http://web.securityinnovation.com/blog/bid/72444/Sony-CISO-Reporting-to-Executive-Management-Maybe-Cyber-Security-Czar-will-follow-suitIn my previous ... more

Why responsible disclosure is the best choice for Security Innovation
http://web.securityinnovation.com/blog/bid/70136/Why-responsible-disclosure-is-the-best-choice-for-Security-InnovationThere is a wide range of ways to... more

Sony appoints CISO in response to PlayStation attacks……but reports to the CIO?????
http://web.securityinnovation.com/blog/bid/70713/Sony-appoints-CISO-in-response-to-PlayStation-attacks-but-reports-to-the-CIOA few months ago, Sony an... more

Other Security Resources

	Code Gallery Download or share sample applications or code snippets.
	CodePlex Microsoft's open source project-hosting site.
	Security Content on Channel 9 Watch videos and connect with your peers – it's all about the conversation.
	DevLabs Explore the projects that we are experimenting with in our labs, and let us know if they inspire you.
	patterns & practices Use Microsoft's proven practices for software engineering.